GRC Flashcards

1
Q

Define Governance

A

Ensuring that organisational activities are aligned with business goals

2
Q

Define Risk

A

Any risk or opportunity associated with business activities is identified

3
Q

Define Compliance

A

Business activities are operated to meet laws and regulations

4
Q

What are the benefits of GRC?

A
  • improved decision-making
  • more optimal investments
  • reduced fragmentation among departments
5
Q

Discuss NIST

A

National Institute of Standards and Technology
- creates voluntary framework - no penalties or fines for not following
- provides customisable guide
- combined standards, guidelines and best practices
- encourages communication
- common risk language

6
Q

Discuss ISO

A

International Organisation for Standardisation
- international, non-governmental organisation
- consists of various bodies that develop and publish standards
- ISO 27000 - security requirements around maintenance of information security management systems
- ISO 31000 - governs principles of implementation and risk management

7
Q

Outline PCI-DSS

A

Payment Card Industry Data Security Standard
- Independent body created by financial firms. Standard - not law.
- Consists of 12 requirements
- designed to reduce fraud and protect CC information
- contractually required of any company handling CC information
- consequences of not complying - penalties from CC companies, data breaches, legal action, lost revenue

8
Q

Outline GDPR

A

General Data Protection Regulation
- EU regulation
- Regulates data protection and privacy of citizens in EU
- Applies to - any company in the EU, any company handling the data of an EU citizen
- Penalties - Up to 20 million euros, up to 4% of global revenue
